[dns-operations] Looping wildcard CNAMEs can be an obstacle for DANE, (googledomains.com-hosted example)
Tony Finch
dot at dotat.at
Tue Apr 17 12:55:30 UTC 2018
Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> The Postfix DNS layer does not look for direct (a -> a) loops and
> recurses when the answer is a CNAME (in case the resolver did not
> recurse all the way to the answer).
That should be unnecessary - part of the point of a recursive server is it
does the work for you :-) So if the server returns a loopy CNAME to a
stub, it should look the same (and be treated the same) as a NOERROR /
NODATA response - a CNAME chain that doesn't end with a record of the
desired type.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
defend the right to speak, write, worship, associate, and vote freely
More information about the dns-operations
mailing list